Daira-Emma Hopwood

724 comments by Daira-Emma Hopwood

https://www.youtube.com/watch?v=kYmnXxs9kUM is a version of Eli's talk with more technical detail.

What's the advantage of this over PPQ-securely negotiating a shared-secret address, and then using the current note encryption with it? The shared-secret address approach has the advantage that it's still...

Instead of negotiating a shared symmetric key on the PPQ-secure channel, the payee generates a new (spending key, payment address) and sends the payment address to the payer on the...

A commitment based on a SNARK-friendly cipher such as MiMC could be post-quantum hiding and binding, and also practically efficient (even more so than Pedersen commitments). However I think we're...

@defuse [wrote](https://github.com/zcash/zcash/issues/805#issuecomment-202667584), before the Zcash launch:

> Grover can also be used to speed up collision-finding to the cube-root rather than the square-root, e.g. http://arxiv.org/pdf/quant-ph/9705002.pdf (Høyer was my quantum computing...

@defuse posted a potential attack on privacy in Sapling by DLP-breaking adversaries: https://github.com/zcash/zcash/issues/2527#issuecomment-453298733 but it doesn't work: https://github.com/zcash/zcash/issues/2527#issuecomment-453772822

SIDH/SIKE isogeny-based cryptosystems are starting to look quite promising for PPQ key exchange. Here's a recent paper with benchmarks: https://eprint.iacr.org/2018/1215 [Edit: [many isogeny-based systems were later broken](https://issikebrokenyet.github.io/).]

I posted [a comment on the forum](https://forum.zcashcommunity.com/t/is-zcash-actually-quantum-private/40706/37) that reflects my current understanding of Zcash's post-quantum privacy. There will be more detail in my upcoming Zcon3 presentation.

My presentation slides are at https://github.com/daira/zcash-security , and the video is at https://www.youtube.com/watch?v=f6UToqiIdeY .

NIST [have selected](https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms) some of the algorithms to be standardized in their post-quantum cryptography project: the key encapsulation mechanism CRYSTALS-Kyber (which can be used for encryption), and the signature algorithms...